The Standard SSL Handshake

Posted 2020-10-18 zzfx

The following is a standard SSL handshake when RSA key exchange algorithm is used:

1.  Client Hello

Information that the server needs to communicate with the client using SSL. This includes the SSL version number, cipher settings, session-specific data.

4.  Decryption and Master Secret

Server uses its private key to decrypt the pre-master secret. Both Server and Client perform steps to generate the master secret with the agreed cipher.

 

2.  Server Hello

Information that the server needs to communicate with the client using SSL. This includes the SSL version number, cipher settings, session-specific data.

 

5.  Encryption with Session Key

Both client and server exchange messages to inform that future messages will be encrypted.

 

3.  Authentication and Pre-Master Secret

Client authenticates the server certificate. (e.g. Common Name / Date / Issuer) Client (depending on the cipher) creates the pre-master secret for the session, Encrypts with the server‘s public key and sends the encrypted pre-master secret to the server.

 

https://www.websecurity.symantec.com/security-topics/how-does-ssl-handshake-work